locking docks

Not applicable

What is the best way to lock the dock so that no one can make changes to it? In the past we have used parental controls but this takes forever on 100 machines. I tried just doing it on one machine and sending the plist out... same thing. Any ideas? Thanks!

16 REPLIES

Bukira
Contributor

You can use Workgroup Manager to lock docks, one of the many advantages of a Mac OD setup.

Criss

Not applicable

I should clarify, we don't use OD and can't use manage preferences.

Not applicable

Open Directory is the way to go. Workgroup Manager makes it VERY easy.

Steve

--
Steven Diver, Network Manager
Adlai E. Stevenson High School / www.d125.org
Email: sdiver at d125.org / Phone: 847.415.4304

"Be not simply good, be good for something."
-Henry David Thoreau (1817-1862)

Not applicable

Or if you don't have an OD setup you could run WGM on the local clients and just import MCX settings for the dock for the specific user account.

jorge

Not applicable

You can do it using Open Directory or Casper Managed Preferences.

In Casper create a Managed Preference. Create Setting from Template > com.apple.dock and do "Changes Disabled"

You want the contents-immutable key changed to true.

Not applicable

I need to do this without OD
Without Casper Managed Prefs as we have that turned off right now.
I need to do this via Casper.

Is this an impossible task?

Not applicable

If the "locked" dock is for a specific local user "student" could she create a User Environment package for that user that has the dock.plist and then set a login or logout policy for those computers to apply that package on an ongoing basis. Cache for offline use, too?

Not applicable

If you are not using Open Directory I don't think there's any downside to turning on Casper Managed Preferences.

You could probably use PlistBuddy to modify the contents-immutable key in com.apple.dock to True and run it on login, but that seems like a lot more work.
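
The PlistBuddy route mentioned in the reply above, as an added example (not code from the thread or from JAMF): a login script that sets `contents-immutable` and reads it back. It assumes the script runs as root from a Casper login policy with the user's short name in `$3`; the `PLISTBUDDY` override is a hypothetical convenience for testing.

```shell
#!/bin/sh
# Added example: set contents-immutable in a user's Dock plist at login.
# PLISTBUDDY can be overridden so the logic is testable off a Mac.
PLISTBUDDY="${PLISTBUDDY:-/usr/libexec/PlistBuddy}"

# lock_dock <plist>: returns 0 only if the key reads back as true,
# 2 if the plist does not exist, 1 if the key could not be written.
lock_dock() {
    plist="$1"
    [ -f "$plist" ] || { echo "no Dock plist at $plist" >&2; return 2; }
    # "Set" fails when the key is absent, so fall back to "Add".
    "$PLISTBUDDY" -c "Set :contents-immutable true" "$plist" 2>/dev/null ||
        "$PLISTBUDDY" -c "Add :contents-immutable bool true" "$plist" ||
        return 1
    # Verify the stored value instead of trusting the exit status.
    [ "$("$PLISTBUDDY" -c "Print :contents-immutable" "$plist")" = "true" ]
}

# Assumption: run as root from a Casper login policy, which passes the
# user's short name as the third argument.
if [ -n "${3:-}" ]; then
    plist="/Users/$3/Library/Preferences/com.apple.dock.plist"
    if lock_dock "$plist"; then
        chown "$3" "$plist"        # keep the file owned by the user
        killall Dock 2>/dev/null   # Dock relaunches and re-reads the plist
    fi
fi
```

A user who can write to their own preferences can change the key back, so the script has to run at every login, as the reply suggests.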

Not applicable

Create a Server Admin Tools package and deploy that.

On one machine configure your dock settings via WGM and then in Terminal export the MCX settings:

sudo /usr/bin/dscl . -mcxexport /Users/"account name here" > ~/Desktop/mcx.txt

Package up this MCX file and deploy it to the machines.

Run this script via Casper to import the MCX settings:

#!/bin/sh

# Import the exported MCX settings into the local user record
/usr/bin/dscl . -mcximport /Users/"account name here" /path/to/mcx.txt
# Remove the deployed export file once it has been imported
rm -f /path/to/mcx.txt

jorge

jarednichols
Honored Contributor

Can you change the owner on com.apple.dock.plist so that it can't be modified?
---
Jared F. Nichols
Desktop Engineer, Infrastructure & Operations
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

dustydorey
Contributor III

We set up templates for the student user accounts that are cached locally on the computer and upon each reboot a policy that is available offline replaces the potentially changed student prefs such as dock with the good cached and hidden template. Let me know if you want more info on this.

The advantage for us was that I also created an AppleScript application that allows our building level technical contacts to create the template on their own and disperse it via ARD, the only help they need from us is that we have to put the computers in the scope of the policy.

-Dusty-

Dustin Dorey

Technology Support Cluster Specialist

Independent School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971

winkelhe
New Contributor

What about self healing??

eric winkelhake
mundocomww
office 312 220 1669
cell 312 504 5155

Bukira
Contributor

How about using Deep Freeze?

talkingmoose
Moderator

Date: Wed, 5 Aug 2009 12:36:11 -0500

Take 20 minutes to explore Managed Preferences in the JSS. Turning it on does nothing until you actually assign (scope) computers or computer groups to it. Assign one machine to it for testing.

All machines phone home at login unless they cannot connect to the JSS for some reason. The new settings will be applied then.

Very simple and very quick to set up. An elegant solution.

--

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492

tlarkin
Honored Contributor

Just to chime in yet another way...

Self healing log in hooks done by Casper policy, and capture the dock with Composer and make it a package. It will get deployed at every log in.

John_Wetter
Release Candidate Programs Tester

This is how we have done it (though we'll move to managed preferences in Casper this year). We have the Dock and environment packages apply at startup. So, a kid can mess with anything and if they do, restart the computer. Check the box to make available off-line and then it's just there on the machine from then on. It will make startup a tad slower, but we do it there so as kids log in and out there isn't the delay, only reboot if something is messed up.

Thanks,
John

--
John Wetter
Technology Support Administrator
Educational Technology, Media & Information Services
Hopkins Public Schools
952-988-5373